Linux Reacts to Being Hacked
Vložit
- čas přidán 4. 04. 2024
- Someone finally bothered to hack Linux and it was a BIG one!
ARTICLE: www.techspot.com/news/102456-...
Fireship video on it: • Linux got wrecked by b...
SUPPORT: funkytime.tv/patriot-signup/
MERCH: funkytime.tv/shop/
FUNKY TIME WEBSITE: funkytime.tv
FACEBOOK: / samtimenews
TWITTER: / samtimenews
INSTAGRAM: / samtimenews
-----------------------------------
#Linux #LinuxTechTips #IUseArchBTW
'Escape the ordinary. Embrace the FUNKY!'
-----------------------------------
SAMTIME is a parody channel and does not represent any tech company featured.
For sponsorship enquiries: samtime@bossmgmtgrp.com
For other business enquiries: business@funkytime.tv
Copyright FUNKY TIME PRODUCTIONS 2024 - Komedie
"If you're gonna hack someone, maybe stick to the people who don't know what a computer is"
My new all time favorite quote
I was looking for this comment, if not
plus the accompanying short vid of tim 😂😂😂😂😂😂😂😂
beat me to it 🤣
The hacker spent years social engineering and working for free, to gain trust in the community. Only to be foiled by one bored Microsoft employee
Pretty embarrassing for the hacker. lol
He wasn't bored, he was a Postgres maintainer running regular tests. Him being a Microsoft employee actually has nothing to do with the story but it's easier to explain that to people instead of what unit tests are or what Postgres is.
Over 90% of servers use linux, so it makes sense that people would make viruses for linux.
Distros used on servers were not affected.
and the rest run linux using windows+virtual machine
Yes, and?
@@tm-sasankaDebian? Fedora? Red Hat? CentOS?
😮
NSA: damn they got our back door again
They insert it in the deep backend
Damn you, microsoft employee!
@@Henry-sv3wv normally its the Microsoft employee's loving the backdoors.
They still got the intel management engine
Correction: it was NEARLY backdoor'd. Only testing distros got affected by the backdoor.
And it's ironic the one who caught this works at microsoft.
Microsoft probably make more money running Linux servers than selling Windows now. Anyway, that Microsoft Engineer probably runs Linux on their computer. Just like any respectable person would.
It's kind of weird because as far as I can tell, different distros avoided it for different reasons: standard release distros like Fedora and Ubuntu never shipped the compromised package on stable systems, and rolling release distros like Arch did but just happened to be unaffected because they didn't patch xz into SSH (although the latter assumes that the sshd patch exploit is the only exploit in the affected package, which isn't known for sure yet)
@@bosstowndynamics5488 your knowledge on this is very good, where do you do your research from? I'm just learning about Linux.
@@ved_ituas Honestly it just turned up in my newsfeed, Google being creepy and all. It's all over a lot of the typical news sources for sites that deal with open source stuff regularly, and since it's a community dominated by enthusiasts and actual developers they tend to share the details more than an average journalist would. That, and a bit of extra reading around since I'm more familiar with the exposure for distros like Fedora since I don't use a rolling release myself
@@ved_ituas This is available on other channels which are less focussed on the comedy side of the situation. Like SomeOrdinaryGamers out of everything. Basically, search for Linux and you'll likely find a few more informative videos about this attempt at a backdoor like from Theo t3dotgg.
Love you sam! ... btw... us ARCH users were NOT affected by the hack because we didn't link SSHD to Liblzma libraries. We are just the best... we know it... and now the whole world knows it!
I was actually wondering your thoughts on this, Thanks Chris!
"if you're gonna hack someone, maybe stick to the people who don't know what a computer is" Roasting macs like that yes
He was roasting the iPads lmaooo. That’s where the background voice came from. Macs are actually great and way better than windows.
-A lifelong windows user with acer, dell, HP and Lenovo thinkpad now on to the M3 MBP 14.
The FIRST computer I could actually leave the charger at home. (Lasted the whole day at work with battery (25-30) left after 9 hours.
The FIRST computer to not overheat or lag. (Mine is the 8gb ram version) (6gb swap but still smooth)
The FIRST computer to NEVER shut down. Seriously set it up and restarted once a month ago. That’s it.
That last part was especially important as I use my one computer for BOTH work and personal. When I go to work, have to spend like 10 mins logging in to the few systems and chrome tabs. (And I’m not a morning person so I sometimes am late because of this :( )
Now, I keep the first 4 desktops for work.
Desktop 5 at the centre is empty
Desktop 6-7 is personal
All left running with chrome (2 profiles) and safari totalling 57 tabs. All logged in always and basically I just swipe between the desktops seamlessly for work (left 4) and personal (right 2) with the respective tabs. And when done, just close the lid.
In fact this blew me away at how freaking stable and reliable macOS is that I regretted not switching from windows sooner. I ACTUALLY enjoy using a computer again as it’s similar to a phone being always ready to use and all the apps are there. (Especially WhatsApp and emails)
And ALL this on a well built and lightweight MacBook that is even higher quality than the thinkpads….
I’m hugging myself for being so late to Mac. Especially when I have an iPhone. Oh yes, that closes the loop with password key chain, SMS OTP autofill, copy and paste there, iCloud files.
BEST PURCHASE EVER. PERIODT
Now I’m thinking of getting a second Mac with proper high specs (16gb/1TB). If it handled so well on just 8….. 16 would be overkill and that’s what I want.
M3 Pro MacBook Pro 14/16 (16/1TB) come to daddy next :)
@@ashtonlagreenia6114The first point has nothing to do with Mac, and more just has to do with most pre-built Windows laptops being terrible quality.
That said, the best choice is a well-built laptop with something like Debian or Arch installed.
Edit: your statement about Mac stability is technically accurate, but it's more just that modern Windows releases have gotten worse and worse on stability while everything else has been getting better.
@@ashtonlagreenia6114What potato are you using to run Windows that takes you 10minutes to turn it on?
That's not to shit on the latest MBPs though, their new chips are pretty fucking glorious. Genuinely outstanding performance, efficiency and design. And thats coming from someone who's happy shitting on Apple til the cows come home.
But it's a luxury that apple has because it's happy throwing out x86, which Microsoft keeps trying but fails at because of the inertia of just that much built up legacy applications.
I was afraid Sam forgot to add an upside-down screen joke, but just at the end, he delivered. I should never doubt him again.
hey, what is this joke about?
@@himanshuboora Weird things need to be done to get anywhere with Linux.
Postgres, software for elephants 💀
💀💀💀
How do I install Postgres server from zip archive
@@fun.playTV
shred -zuf /etc/*
@@fun.playTVsudo apt install postgres
sudo tar -zvf /path/to/binary ./postgres.tar.gz
sudo tar -xvf ./postgres.tar.gz /path/to/binary
Your humble servant sir, you should do the same with the files in /usr/share, /etc/postgres and /usr/lib /var/postgres .
Joke apart, a tar ball (zip) is use to transfer binaries and files when you install/update software through a package manager, or even your classic installer on Windows will usually download a lot of compressed files.
As someone who works with good ol' pg, I can confirm some of us do look like elephants.
Sudo Scientist 😂 I see what you did there!
This why SAMTIME is so underrated.
Yeah, that was a great one!
so many good jokes here lol
@@ImHeadshotSniper I think "Sudo scientist" is worthy of its own shirt, LMAO!
@@vdochev definitely
"Or, let's be honest, a bunch of single dudes" 😂 I love you so much!
wait wait wait Linux got Hacked in their backdoor who would have thought that possible not linux users could they??🤣🤣🤣🤣🤣
when i studied computer science in switzerland it was basically assumed that everyone was using linux.....
the assignments were literally structured around linux....
What dream
the arch linux memes never disappoint 😂
I use arch btw
I don't get it, do you build arches arround the world? xD
@@GameNobz No, that's Ronald McDonald.
Oh nice. How's watching Sam's content up side down?
nobody gives a fuck
@@spokoman23 us arch users can invert our eyes vision. its a rite of passage
sudo stop it. Ha! Almost spilled my coffee everywhere!
Sudo protect your back door🤣🤣🤣
the funny thing is... it never really went public and was detected in the testing phase
It went; on OpenSUSE Tumbleweed.
I hate it when they thrash my back door
So does Apple
Leave that penguin's backdoor alone! Ya'll nasty
*Y'all (contraction of "You ALL")
Only the early access distros were afftected, so 99% of general users don't have to even think about it
This is not completely true. OpenSUSE Tumbleweed was indeed affected because it shipped the affected versions of XZ Utiles and the XZ-patch for SSH.
@@alicethegrinsecatz6011 okay fair, but everyone else, specifically the ones he listed, only the pre release versions were affected
Yeah because it was caught, by one guy. It’s not like a hundred others caught this so if this one guy hadn’t, it wouldn’t have been an issue
i love it when i see a blue dot next to this channel
ɥɔɹɐ uo ʇuǝɯɯoɔ sᴉɥʇ ǝʞᴉl opns
There you go 😊
Laughed my ass off at that one dude 👍
Atleast thats not a front door attack. That would've been embarrassing.
*At least
Two words, not one. Think of the phrase "at the _very_ least."
*that's (contraction of "that is" or "that has")
@alvallac2171 Seems rude, but thanks.
There's a fine line between "taking the piss" and actually useful, and you managed to walk that line.... until you fell off at the "sudo stop it" command 😂😂
Thanks, it was hilarious.
AND PLEASE UPDATE YOUR XZ LIBRARY TO NEWEST VERSION!
3:08 That's the best Terminal command I have ever seen!
If you are running an ordinary linux release, like ubuntu, fedora etc.. This backdoor never reached you. So you good, life as usual.
Jia Tian and his fake accounts were trying to make those distros to update their XZ versions in order to ship the infected release, but they got found out before it ever happened.
If you running stuff like arch and/or bleeding edge distros, you don't really need this sort of advice do you?
The exploit doesn't run on arch, it checks and if it's on arch just gives up cause it knows you'd be poor asf. (I use arch btw)
The xz maintainers are sneaky
The amount of sex references is just a straight up insult to Linux users lol
Actually, no Linux distro got hacked. The backdoor was founded in an early state and from the distros you named, only Arch and OpenSUSE had this version installed in the current distro releases, but only OpenSUS Tumbleweed and not OpenSUSE Leaf, which is used by most OpenSUSE users, and on Arch, it wss irrelevant because the backdoor needs the patched version of ssh, which is not shipped wuth Arch. All other names distros had this backdoor only in early acces version, like Debian Unstable, Fedora 41 and Rawhide. The current version of Fedora (39) in th planed summer release (40) weren't affected at all. 41 is planed for the beginning of 2025, while Rawhide is just a text plattform for new ideas and concepts. Rawhide is not mentioned to be used as daily driver.
"Zed"!
Me: Where's this guy from again?
He is an Aussie who is now in Europe somewhere.
Yes. Zed is the correct pronunciation.
Bro zed is the correct
Ah yes, Linux , my favorite company!
actually Arch and Gentoo are not affected by this hack as far as we currently know, it targets a patch that is not implemented by these distros
fyi guys, MAC's also uses the same tool and compression tool. this doesn't only effects Linux, it could have also backed door all macs as well when apple added the package mac.
*FYI, guys, Macs
*This
*effect
*Linux. It
*backdoored
*Macs
*package to the Mac.
@@alvallac2171 mac runs the same compression tool to open and use tr.gz packages. its UNIX based compression tool
This was excellent Sam, you've stepped up a notch. 👊🏻
You are the smartest funny person in the tube. I do not laugh this hard ever. ❤
Thanks for bringing a sliver of joy and laughter to my dark days, Sam. ❤
Punchline at the end was excellent 😂
Ah yes, I can use this as a valid explanation for why I --accidentally-- totally intentionally made my debian install immutible
*immutable.
This was proof that the open model where anybody can catch issues and report/send in a fix for it, works. It was caught in testing/unstable branches of a few distros before it went into production. Yeah, it ruffled a few feathers in how the attack was carried out, but it goes to show that the community, while not perfect (nothing is), is capable of doing great things to stop big damage from happening.
Yea unlike closed source
3:04 to be fair no stable version of fedora had the backdoor. Not even the beta 40. But it reached fedora 41 which is going to be next beta but it got fixed instantly.
I am waiting for the day Sam does his standup! Seriously Sam! You are hilarious!
Sam the man is a philosopher "The back door is not usually available or am I right?"
mac os also uses XZ and also was at risk till the backdoor got discovered which then stopped it from being put into stable releases of some distros and mac os.
Andres Freund based. His last name is even "Friend".
This is brilliant! Well done!
Arch was not susceptible, the same with kali. Only testing versions of debian were affected.
Saved by Microsoft employee. Old school Linux users shiver around the world at the thought.
FYI... Microsoft has been Linux friendly for years.
Loved this video! Great job!
THAT CPU FLASHING ELECTRICITY WHILE PLAYING A VIDEO 😂😂
Debian was so compromised.... in it's nightly builds, no one uses in production or as a daily driver, for like 525 seconds ^^.
Debian is famous for cutting edge technology in the sense of even flint stone knives were cutting edge technology literally at one point in history.
If you run Debian stable on a server or desktop i see little to no chance why you'd be affected by something that was detected even 2 month ago.
They simply do not churn out software that fast. I'd like to thank our early alpha testers at this point, the (and i mean it unironically) arch crowd.
what movies are clips of the pergent woman from and is the guy a young Ashton Kutcher?
No one cares about linux desktops..
what matters is, linux servers that stores data of all windows,mac,ios,android combined getting backdoored..
Linux does actually get regularly hacked. When a website gets hacked, the servers is usually running Linux. Because it's free
You're probably talking about sql injections or someone cracking an ssh password with a dictionary attack. Leaving port 21 open without ip banning bad login attempts is like leaving a computer sitting unguarded in a coffee shop. Doesn't matter what OS it is running, anyone can login given enough time.
Tbh people using Debian Sid got that coming😂😂
The sudo scientist 😭😭
1 second and i had to start laughing cause of the notebook. :D Well done!
"The All New SamTime, Video!"
ROFL at the Kingsman Eggy and Princess clip
Who's that guy with a beard at 1:14 what's his name he usually does interviews I want his name
Isn't that borat? 🤣🤣
*snortle* 'nix has long been hacker country. Cut my teeth unshadowing & cracking password files as a kid. Good times!
This is actually a really accurate explanation of the exploit, nicely done
Stable (such as debian stable) distros werent but bleeding edge were (such as Debian testing, Debian unstable)
Not everyone, Arch was unaffected, and stable Debian with an owner with more than three brain cells bothered to read before writing…
When so many servers run Linux, it's a massive issue. Or could have been. And yes, I use Linux, but no, I don't use Arch.
I've just tried it, but "Sudo stop it" is not a recognized command?
🤔
Arch Linux wasn't effected because they configure SSHD differently, Fedora, Debian and OpenSUSE Leap weren't effected either, exept for the very small minority, that ran the beta versions of these distros. So virtually no production server is vulnerable because of these exploits.
*affected (different meaning)
*differently. Fedora (to fix your comma splice run-on)
*minority that
0:55 Tom Scott is looking a little different
not just fedora or opensuse or debian it was specific versions fedora rawhide debian sid opensuse tumbleweed ffs if you are going to make a video about something get your info correct
This is the reason why you should NOT use alpha or beta software if you're not a developer.
Still, I use Endeavor OS lol. (which got affected by xz, but not really, because the supply chain isn't linked to sshd).
"... and even Arch, BY THE WAY!" 😂
Only the very recent versions (unstable) have (had) the flaw.
OpenSUSE Tumbleweed had it too
Can anyone remember how Apple use to brag that no one can hack them, so someone did publicly ( many times since ).
It was as nobody was using Apple that they weren't hacked, not no one could hack them. As far as I know Linux has never said that it was impossible to hack them.
Linux isnt a single entity, but I get what you mean
@@mr.shplorb662 the kernel sorta is
the family of operating systems sorta aint
It was a CCP spike up his back door, not a CPU spike.
What's CCP?
Ch1n4 C0mun1st P4rty
@@mohd5roseCCP stands for Chinese Communist Party, which rules the People’s Republic of China. Dengism, the political ideology of the CCP, combines socialism and capitalism which results in Chinese corporations being partially controlled by the Chinese government.
@@mohd5rose china communist party, tho this could be a USA as well due to Linux user-ship is rising an they did ask in many congress hearings to add backdoor to Linux the leader of Linux "Linus" flip them off saying cussing "no" (fyi, i can't post his real response. it would get me banned from youtube. it was "colorful" ) although the USA adds backdoor to our own infrastructure then gets surprised like a 5 year old when china or Russia finds it then cyber attacks our gird. that's why each time i hear of new cyber attack on our gird happens I cry and laugh because we will always be hacked due to those "backdoors" in everything. because as long theirs a door, it can be opened by anyone including our foes.
@@mohd5rose china Communist party, tho theirs backoors into everything our gird too. then the usa gets shocked when they get found by our foes. like yea, its a door. it can be opened by anyone no matter how you hide it. thats why our gird will never be safe.
This is why Linus community is so strong
I was waiting for Sam's take on the xz fiasco 😂
arch got fixed within 20 minutes of the exploit being discovered so if you updated after easter you're fine.
Sam, what laptop is that?
3:13 you mean: "sudo rm -rf"
Nope, I want the GALOX NOTE 10
I wonder wether they just paid the dude to overtake his account and inject the code? It's so weird after that time.
3:00 Archlinux made me laugh…yes I’m a Linux user❤
I was trying to subscribe but I don't know what to ask the xcode bash kernel!
Seems like the only known to Sam thing about Linux is the upside down screen issue that I personally never experienced. This joke has got too much used at Sam's.
great work
That's what I only Apple. Only Tim has the key to my back door ❤
If I'm a good puppet he will use Apple silicone...... lubricant when being compromised. He won't create a patch to fix any damage though 💔
What about Mint?
what about MacOS 7.2?
Mint is based on ub*ntu
you are probably fine as most distros didn't even package the compromised version. It was only on rolling release/testing channel systems, which run the newest stuff by design. Funny enough arch is safe, due to simply not distributing the compromised part.
If you are worried just update your system tho
Linus' middlefinger or this one... Choices, choices...
How old is that laptop?
Old enough to run linux
@@a.p5193 Isn't everything old enough to run Linux though.
As a Linux user, all the jokes here were amazing lol. Best summary of the xz issue. Actually made more sense than literally everyone else.
Oh com' on 🙂 what a crappy title 😀
but calling Linus at 0:50 an average Linux user is good 🙂 and showing the cook himself at the end make me really laugh. So I laughed, mission accomplished 🙂
using the default smiling emoji makes you look like a psychopath
Actually Debian was not affected because they run an older version of this which didn't have the hack. Only the newer testing versions had it and distros who always like to update to the very latest versions like Fedora, Arch, opensuse Tumbleweed and other distros based on those.
But yes, it was a bad actor but thanks to the principles of Free Computing anyone was able to see and find the code.
In an Apple or Microsoft system only certain of their employees can see the code making it far more likely that it would go unspotted for years.
No, for debain AND fedora, only beta versions got affected
arch hasn't affected (arch do not auto links ssh with liblzma)
though, open suse tumbelweed got affected
Still, it was only because of the FOSS system that the backdoor.could be introduced at all. It's important to keep that in mind.
@@fisch37 True. But the openness allows that balance. Whereas if a proprietary vendor agrees to willingly add backdoors for governments or whatever, it is far less likely to be found if no on can see the code except the creator of the code
No vas, no backdoor access!
Imagine a new security software called "Dr Phil" 😱
keep making us laugh sam!!!
Trillion a of bucks go to these types of jobs, little timmy should change careers, get him a piece of muppet kit and creshendo his portflio resume.
Someone will actually type "sudo stop it"
The sudo stop it didn't work, It just gave me Sudo: stop: command not found
i never clicked a notification this fast
It seems like Microsoft was a bit too confidential about that backdoor
The hack did not manageto affect fedora and Debian Stable
*did not manage (do/did/does + bare infinitive)
*stable.
the hack was targeting systemd distros, which are mainly desktop not server, so really only these 4% of computer users, ASSUMING they don't have firewall, so really closer to like 0.1%... 😂😂😂